General
-
Target
8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
-
Size
291KB
-
Sample
220912-nczjvaghcq
-
MD5
1e982a3efe0bf51fc997cc3a08ebab34
-
SHA1
deb3a2ca2bf4a032f2df55f5117d6f774dad2030
-
SHA256
8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
-
SHA512
68e89eba604c225c97570a23c976c55821bb709167b57ffb3377f313b4fdd1feda9919ed943c2d9e61524dd6e5ddf84791d7075040e1eeca744d696f1688ee5b
-
SSDEEP
6144:H9PQU6275aiZRn9o5xbXsq6wbZdW+Ht/R/oS7Z1tq:HuglaiH65xbXsq6wDpVR/n7Z
Static task
static1
Behavioral task
behavioral1
Sample
8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
raccoon
567d5bff28c2a18132d2f88511f07435
http://116.203.167.5/
http://195.201.248.58/
Targets
-
-
Target
8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
-
Size
291KB
-
MD5
1e982a3efe0bf51fc997cc3a08ebab34
-
SHA1
deb3a2ca2bf4a032f2df55f5117d6f774dad2030
-
SHA256
8fec0d4a1db431baf98dcb64b2599e2ab0333a4ed0ae82fd944236f96c574e08
-
SHA512
68e89eba604c225c97570a23c976c55821bb709167b57ffb3377f313b4fdd1feda9919ed943c2d9e61524dd6e5ddf84791d7075040e1eeca744d696f1688ee5b
-
SSDEEP
6144:H9PQU6275aiZRn9o5xbXsq6wbZdW+Ht/R/oS7Z1tq:HuglaiH65xbXsq6wDpVR/n7Z
-
Detects Smokeloader packer
-
NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-